Alert*

oval:org.secpod.oval:def:601123
Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is susceptible to cross-site scripting.

oval:org.secpod.oval:def:600993
Typo3, a PHP-based content management system, was found vulnerable to several vulnerabilities. CVE-2013-1842: Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malic ...

oval:org.secpod.oval:def:600915
Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, SQL injection, and information disclosure vulnerabilities and corresponds to TYPO3-CORE-SA-2012-005.

oval:org.secpod.oval:def:600783
Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output ...

oval:org.secpod.oval:def:600771
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: CVE-2012-1606: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to cross-site scripting. A valid backend user is required to exploit these vulnerabilities. ...

oval:org.secpod.oval:def:601346
typo3 is installed

oval:org.secpod.oval:def:601183
Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.

oval:org.secpod.oval:def:600606
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletion.

oval:org.secpod.oval:def:600876
Several vulnerabilities were discovered in TYPO3, a content management system. CVE-2012-3527: An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users. CVE-2012-3528: The TYPO3 backend contains several cross-site scripting vulnerabilities. CVE-2012-352 ...